The IAM Business Security Architect will develop and deploy xIAM solutions, improve onboarding processes, and provide architecture advisory services for security operations.
Cloud Security Services is currently looking for an experienced external Identity and Access Management (xIAM / CIAM) architect with background in global, complex, and diverse xIAM environments to assist with the development of a program that will design, develop, and deploy xIAM solutions. Experience with business architecture is a plus as the right candidate will be enabling change management activities to identify areas where process controls could be made more efficient and help reduce cycle times for onboarding of new resources onto the team through training, education and mentoring activities. This is a 6-month remote opportunity with the possibility of going full-time.
Key Responsibilities:
Provide Business Architecture for Security support to meet primary goals for:
- Maturing Business Architecture for Security
- Operating Model
- Staffing Plan
- Clarifying Roles & Responsibilities
- RACI
- Role-Based Curricula Development
- Onboarding Process Improvement
- Reduce Ramp-up Time for New Hires
- xIAM Architecture Advisory
- Analysis
- Reference Architecture
- Solution Architecture
This is in order to (1) Advance client’s target state xIAM platforms / services with key capabilities around BYOID (Bring Your Own ID), common identity, modern authentication, core profile data management, consent & privacy management, etc. and (2) Meet the xIAM needs of specific applications by leveraging target state xIAM platforms / services where available, or by delivering interim solutions when requisite target state xIAM platforms / services are not yet finalized.
Responsibilities:
- xIAM program architecture support
- Support to advance product roadmap milestones, as needed
- Align target skill sets with business objectives and deliverables
- Develop RACI or related framework that outlines the resource roles and responsibilities in alignment with client objectives
- Facilitate and develop new hire (resource) onboarding processes
- Facilitate and develop new hire (resource) training content and processes
- Facilitate playbook creation and maintenance protocol
- Develop method to assess efficiency and effectiveness of onboarding processes
- Define and document continuous improvement recommendations
Required Skills:
- 7-10 years’ experience working in the Identity and Access management (IAM) information security space in an architecture and engineering capacity.
- 5-7 years’ experience with the following:
- Global Workforce IAM
- Global Consumer IAM (CIAM)
- Federation and single sign-on (B2B and B2C)
- National Institute of Standards and Technology (NIST) 800-53
- NIST 800-63
- NIST Cybersecurity Framework (CSF)
- Experience creating high and low level IAM architecture patterns
- Experience developing and implementing IAM strategies and roadmaps
- Experience with major IAM platforms including:
- Microsoft Active Directory
- One Identity Manager
- Ping Federate
- Experience building roles and responsibilities (e.g., RACI matrices)
- Experience with process control design
- Ability to work as liaison between business and information security/information technology
- Ability to clearly explain IAM & xIAM concepts to audiences of various levels.
- Broad and deep understanding of xIAM- and IAM-related capabilities, patterns, protocols, technologies, and solutions.
- Intimately familiar with xIAM- and IAM-related protocols such as OAuth, OIDC, SAML, LDAP,
SPML, XACML, SCIM, Kerberos, PKI (certs, CA’s, sigs, etc).
- Strong experience with directories, SSO, federation, MFA, RBA, delegated administration, API gateways, SOA services.
Preferred Skills:
- Experience with App Gateways, App Proxies, Live Chat, Chat Bots, Contact Centers, IVRs and Web Portals for CIAM
- Good understanding of MFA, PAM and Risk Based Authentication
- Deep technical experience with two or more xIAM technologies including Okta, Janrain / Akamai, Forgerock, Microsoft Azure B2C, Amazon AWS Cognito.
- Strong familiarity with adjacent technologies such as PingFederate/PingOne, IGA (e.g.: OneIM, Sailpoint), virtual directory (e.g.: Radiant), API management (e.g.: Apigee, Mulesoft).
- Understanding of industry and leading practices including industry standards such as the National Institute for Standards and Technology (NIST) Special Publication (SP) 800-63; Digital Authentication, NIST Cybersecurity Framework (CSF) and NIST SP 800-53; Security and Privacy Controls.
- Business process engineering experience
- Strong project management skills
- A deep overall understanding of business & technology transformation around digital identity both within and across enterprises, identity providers, and other entities.
- Excellent interpersonal communication skills with strong spoken and written English.
- Business outcomes mindset.
- Understanding of global regulations and compliance frameworks including
- NY DFS
- CCPA
- GDPR
- Solid balance of strategic thinking with detail orientation.
- Collaborative team worker – both in person and virtually using MS Teams or similar.
- Flexibility to accommodate working across different time zones.
- CISSP, CISM, or equivalent certification a plus.
- BS in Computer Science or related field of study, or equivalent work experience
Preferred Education:
- Cybersecurity certifications such as CISSP, CISM, etc.
Top Skills
Api Gateways
Ciam
Iam
Kerberos
Ldap
Mfa
Microsoft Active Directory
Oauth
Oidc
One Identity Manager
Ping Federate
Pki
SAML
Scim
Soa Services
Spml
Xacml
Similar Jobs
Information Technology • Cybersecurity
Manage and develop phishing and social engineering training content, analyze threats, collaborate on security outcomes, and translate technical knowledge for nontechnical users.
Top Skills:
CSSHTML
Information Technology • Cybersecurity
This role involves leading Detection Engineering and Threat Hunting, managing teams, strategizing with senior leaders, budgeting, and fostering a high-performance culture.
Top Skills:
BudgetingCybersecuritySecurity OperationsThreat Detection
Information Technology • Cybersecurity
As a Staff Platform Engineer, you'll build automated tools for operations, enhance observability in cloud environments, and maintain CI/CD pipelines to support scalable services at Huntress.
Top Skills:
AzureEcsGoKubernetesLinuxPostgresPythonTerraform
What you need to know about the Colorado Tech Scene
With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
